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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication(s) filed on . 

2a)Q This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^] Claim(s) 1-4.6.8.9.13-21.23 and 25 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed, 

6) IS Claim(s) 1-4. 6. 8-9. 13-17. 18-21. 23 & 25 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 
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2.D Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 



In view of the Remand/Reversal Decision by the Board Of Appeals filed on 9/27/06, 
PROSECUTION IS HEREBY REOPENED. The issues raised by the Board are addressed 
below as well as a new grounds of rejection. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1 . 1 1 1 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .3 1 followed by an 
appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee 
can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have 
been increased since they were previously paid, then appellant must pay the difference between 
the increased fees and the amount previously paid. 

A Technology Center Director or designee has approved this supplemental examiner's 
answer by signing below: 




or 




Wynn Coggins, Director T.C. 3600 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-4, 6, 8-9, 13-17, 18-21, 23 & 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Findley in view of French et al. 

Findley teaches a system for selectively blocking a current remote purchase request based 
on information gained from at least a previous remote purchase request. In particular, the device 
of Findley includes: (1) a first data input subsystem capable of receiving purchase request 
information sets including a credit card number, merchandise descriptions and origin (prompting 
user with options for selecting goods and/or services during a current transaction); (2) a memory 
subsystem that receives the information set from previous and current purchase requests (storing 
selections of goods and/or services made by an authorized user during a previous transaction); 
(3) a logic subsystem that compares the purchase request record of the current purchase request 
with the purchase request record of the previous purchase request (comparing the options for 
goods and/or services selected by the user with the user's pre-stored selections of goods and/or 
services); and that automatically blocks the current remote purchase if the comparison meets any 
one of a predetermined set of criteria (reference Abstract). 

Examiner notes that in order for memory sub-system of Findley to receive an information 
set containing previous remote purchase information, the sub-system must store the selections 
made by a user of goods and/or services. As such, Examiner asserts that generating a user 
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profile of selections of goods and/or services made by a user during past transactions is inherent 
and necessarily present to the system of Findley, because without such a profile the system 
would be unable to retrieve that information. 

Findley teaches computing "history factors" for credit card numbers so that an algorithm 
can take into account the legitimate purchase history of the credit card. Findley goes on to teach 
in a preferred embodiment, that a purchase request from a credit card number that has been used 
to make legitimate purchases from a merchant in the past is less likely to be fraudulent than a 
card being encountered for the first time (column 3; lines 50-57). In other words, if the current 
merchant is inconsistent with the user's pre-stored profile of past merchants the system blocks 
the transaction. 

Examiner notes that this teaching is important for two reasons. First it illustrates that 
historical data can be and is taken from a plurality of facilities/merchants (Claims 3 and 20). 
Secondly, it illustrates that the system and method of Findley is designed to encourage and 
protect repetitive and consistent purchases. Examiner notes that while Findley teaches many 
criteria for detecting fraud, this example illustrates that Findley recognizes, teaches and uses 
inconsistency (same as Appellant) as one of those ways. In addition, Examiner notes that * 
because Findley also teaches other criteria for detecting fraud that differ from Appellant's 
invention, that does not mean Findley doesn't also teach Appellant's method. Finally, Examiner 
asserts that teaching a method of detecting fraud by looking for consistency (i.e. someone buying 
100 stereo receivers) does not inherently exclude the same system from also checking for 
inconsistency (i.e. a new supplier, a different brand or grade of gas, etc.). 
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Findley goes on to teach in another embodiment that an inquiry is made into whether or 
not an item in the same merchant-defined merchandise category had been purchased within the 
previous set time period (column 4; lines 49-53). Examiner notes that this teaching by Findley is 
also important for two reasons. First, it illustrates that while the system of Findley starts by 
grouping items according to merchandise category, it also must make a comparison on an item- 
by-item level. This concept is supported by Findley in the example of a ring of thieves 
attempting to steal handbags of a particular make (emphasis added) (column 4; lines 49-61). In 
order to determine the particular make, the system must make the comparison on an item-by- 
item basis and not just based on the merchandise category (i.e. handbag or accessory). 

Secondly this teaching illustrates that the system of Findley must collect and save item 
specific information about a users purchase. Examiner notes that without item specific 
information the system of Findley would be unable to perform the inquiry described above. As 
such, collecting and storing a profile of selections of goods and services is inherent and 
necessarily present to the teachings of Findley as there would be no other way to determine a 
particular make (this is similar to a particular grade of gas). 

Examiner recognizes that specific embodiment of the item-by-item comparison of 
Findley relates to quantity. In particular, the system compares how many of a specific item have 
been purchased in the past, thus blocking the purchase based on too much consistency, rather . 
than any inconsistency. However, Examiner once again points out that Findley also teaches an 
embodiment in which the system searches for inconsistencies associated with merchants (i.e. 
comparing the current merchant with a pre-stored profile of past merchants and blocking the 
transaction if the current merchant is inconsistent with the pre-stored profile). 
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Therefore, Examiner notes that neither embodiment limits the scope of the system of 
Findley but rather serve as examples of the type of conditions within the predetermined criteria 
used by the logic subsystem of Findley. 

The system of Findley fails to specifically teach a system that requires a user to answer, 
correctly, multiple security-related questions if the options for goods and/or services by the user 
are inconsistent with a user's prestored selection of goods and/or services. 

French et al. teaches a method of authenticating via an authentication process which 
"may invoke association check 24 to evaluate whether the request under consideration is 
associated with other requests or attempts, whether recent, concurrent or otherwise. The purpose 
of the association checks is to filter requests suspected to be fraudulent or part of an attack of 
some kind." (see column 6, lines 46-53). 

French et al. goes on to teach on column 6, line 58 through column 7, line 5: 

"In a preferred embodiment, authentication process 10 stores information received 
through all requests in the authorization database 152, which stores transaction record 
1 12 logging all input received from the user. Using this information, association checks 
based upon available data are facilitated. For example, if one attempt at access includes a 
name and an associated social security number, a concurrent or later request with the 
same name but a different social security number may be denied or flagged for further 
authentication . 

Conversely, if the later request includes a different name but the previously 
submitted social security number, the request may also be denied or flagged for fiirther 
authentication. Association checks can examine any data provided by the user before or 
during the preprocessing step 26." 



Examiner notes that the passages relied upon by French et al. clearly teaches 
checking a user's options with prestored information and if the check is inconsistent the system 
requires further authentication. Examiner notes that the further authentication of French et al. 
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includes requiring the user to answer a security-related question (see for example column 3, lines 
18-22). 

It would have been obvious to one of ordinary skill in the art at the time of the present 
invention to modify the teachings of Findley to require a user to answer, correctly, multiple 
security-related questions if the options for goods and/or services by the user are inconsistent 
with a user's prestored selection of goods and/or services as taught by French. One of ordinary 
skill in the art would have been motivated to make such a modification in order to filter requests 
suspected to be fraudulent or part of an attack of some kind." (see French column 6, lines 46-53). 

Claims 5, 10 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Findley in view of French et al. in further view of Penzias. The system of Findley in view of 
French et al., as described above does not teach a system that stores selections made with a 
plurality of credit or debit cards. Penzias teaches a system of providing an individual protection 
for remote purchases; in particular the system applies to multiple cards with different account 
numbers (Figure 5, shows the account table which holds information for a plurality of credit 
cards). Since most people today have more than one credit card, when a wallet is stolen or 
misplaced a thief has access to all of a victims credit and debit cards. 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to modify the memory subsystem of Findley to receive information sets on 
previous and current purchases made by a user from a plurality of credit cards, as taught by 
Penzias in order to provide protection and security for all of a customer's credit and debit cards. 



Application/Control Number: 09/466,438 



Page 8 



Art Unit: 3693 

Response to Arguments 

The Board decision mailed September 27, 2006 remanded this case back to the Examiner 
"to determine whether prior art is available that would have fairly suggested to one of ordinary 
skill in the art to modify the Findey method to include the step of requiring the user to answer a 
security-related question if the options for goods and/or services by the user are inconsistent with 
the user's prestored selections of goods and/or services." 

In response to this request the Examiner submits U.S. Patent Number 6,496,936 to 
French et al. In particular, French et al. teaches a method of authenticating via an authentication 
process which "may invoke association check 24 to evaluate whether the request under 
consideration is associated with other requests or attempts, whether recent, concurrent or 
otherwise. The purpose of the association checks is to filter requests suspected to be fraudulent 
or part of an attack of some kind." (see column 6, lines 46-53). 

French et al. goes on to teach on column 6, line 58 through column 7, line 5: 

"In a preferred embodiment, authentication process 10 stores information received 
through all requests in the authorization database 152, which stores transaction record 
1 12 logging all input received from the user. Using this information, association checks 
based upon available data are facilitated. For example, if one attempt at access includes a 
name and an associated social security number, a concurrent or later request with the 
same name but a different social security number may be denied or flagged for further 
authentication . 

Conversely, if the later request includes a different name but the previously 
submitted social security number, the request may also be denied or flagged for fiirther 
authentication. Association checks can examine any data provided by the user before or 
during the preprocessing step 26." 



Examiner notes that the passages relied upon by French et al. clearly teaches 
checking a user's options with prestored information and if the check is inconsistent the system 
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requires further authentication. Examiner notes that the further authentication of French et al. 
includes requiring the user to answer a security-related question (see for example column 3, lines 
18-22). 

Conclusion 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to James A. Kramer whose telephone number is (571) 272 6783. 
The examiner can normally be reached on Monday - Friday (8AM - 5PM). 

The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




